From fdfabd725bb9852fbf608f6924cb3011996acec6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=85=86=E9=91=AB?= Date: Sat, 25 Oct 2025 23:12:14 +0800 Subject: [PATCH 1/3] =?UTF-8?q?fix:=20=E7=A7=BB=E9=99=A4Dockerfile?= =?UTF-8?q?=E4=B8=AD=E7=9A=84npm=E5=92=8Cyarn=E6=B3=A8=E5=86=8C=E8=A1=A8?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=EF=BC=8C=E5=B9=B6=E6=B7=BB=E5=8A=A0.yarnrc?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=BB=A5=E9=85=8D=E7=BD=AE=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E8=A1=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- applications/KonSoft.AuthServer/.yarnrc | 1 + applications/KonSoft.AuthServer/Dockerfile | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) create mode 100644 applications/KonSoft.AuthServer/.yarnrc diff --git a/applications/KonSoft.AuthServer/.yarnrc b/applications/KonSoft.AuthServer/.yarnrc new file mode 100644 index 0000000..ccf4b03 --- /dev/null +++ b/applications/KonSoft.AuthServer/.yarnrc @@ -0,0 +1 @@ +registry "https://registry.npmmirror.com" \ No newline at end of file diff --git a/applications/KonSoft.AuthServer/Dockerfile b/applications/KonSoft.AuthServer/Dockerfile index 2371826..c5ce8c2 100644 --- a/applications/KonSoft.AuthServer/Dockerfile +++ b/applications/KonSoft.AuthServer/Dockerfile @@ -38,8 +38,6 @@ RUN dotnet nuget locals all --clear RUN dotnet nuget add source https://mirrors.huaweicloud.com/repository/nuget/v3/index.json -n HuaweiCloud RUN dotnet tool install -g Volo.Abp.Cli --version 8.3.4 ENV PATH="$PATH:/root/.dotnet/tools" -RUN npm config set registry https://registry.npmmirror.com -RUN yarn config set registry https://registry.npmmirror.com RUN abp install-libs RUN dotnet build "./KonSoft.AuthServer.csproj" -c $BUILD_CONFIGURATION -o /app/build From b8a25b3b523c8075ae94871b3860a3a005a9af12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=85=86=E9=91=AB?= Date: Sat, 25 Oct 2025 23:27:12 +0800 Subject: [PATCH 2/3] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0UseForwardedHeader?= =?UTF-8?q?s=E9=85=8D=E7=BD=AE=E4=BB=A5=E6=94=AF=E6=8C=81XForwardedFor?= =?UTF-8?q?=E5=92=8CXForwardedProto?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs index 33e8310..800a7a8 100644 --- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs +++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs @@ -152,7 +152,10 @@ public class KonSoftAuthServerModule : AbpModule app.UseDeveloperExceptionPage(); } - app.UseForwardedHeaders(); + app.UseForwardedHeaders(new ForwardedHeadersOptions + { + ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto + }); app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) From ab1ffad6580314c0715397c66c92faf640c4e1e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=85=86=E9=91=AB?= Date: Sat, 25 Oct 2025 23:45:18 +0800 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0ForwardedHeaders?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E4=BB=A5=E6=94=AF=E6=8C=81CORS=E5=92=8CIP?= =?UTF-8?q?=E7=BD=91=E7=BB=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../KonSoftAuthServerModule.cs | 80 ++++++++----------- 1 file changed, 35 insertions(+), 45 deletions(-) diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs index 800a7a8..a847d1c 100644 --- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs +++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs @@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices; using KonSoft.Shared.Localization.Localization; using Localization.Resources.AbpUi; using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Cors; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using System; +using System.Linq; +using System.Net; using Volo.Abp; using Volo.Abp.Account; using Volo.Abp.Account.Localization; using Volo.Abp.Account.Web; -using Volo.Abp.AspNetCore.Mvc.AntiForgery; using Volo.Abp.AspNetCore.Mvc.UI.Bundling; using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic; using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling; @@ -24,6 +26,7 @@ using Volo.Abp.Localization; using Volo.Abp.Modularity; using Volo.Abp.OpenIddict; using Volo.Abp.Security.Claims; +using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork; namespace KonSoft; @@ -55,10 +58,14 @@ public class KonSoftAuthServerModule : AbpModule if (!hostingEnvironment.IsDevelopment()) { - PreConfigure(options => + PreConfigure(options => { - options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always; - options.TokenCookie.SameSite = SameSiteMode.Lax; + options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | + ForwardedHeaders.XForwardedProto | + ForwardedHeaders.XForwardedHost; + + options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:127.0.0.1"), 104)); + options.KnownProxies.Add(IPAddress.Parse("::ffff:127.0.0.1")); }); PreConfigure(options => @@ -110,35 +117,23 @@ public class KonSoftAuthServerModule : AbpModule options.IsDynamicClaimsEnabled = true; }); - // 配置转发头 - context.Services.Configure(options => + context.Services.AddCors(options => { - options.ForwardedHeaders = ForwardedHeaders.All; - options.KnownNetworks.Clear(); - options.KnownProxies.Clear(); - }); - - // 配置Cookie策略 - context.Services.Configure(options => - { - options.CheckConsentNeeded = context => false; - options.MinimumSameSitePolicy = SameSiteMode.Lax; - options.Secure = CookieSecurePolicy.Always; - }); - - // 配置应用Cookie - context.Services.ConfigureApplicationCookie(options => - { - options.Cookie.SecurePolicy = CookieSecurePolicy.Always; - options.Cookie.SameSite = SameSiteMode.Lax; - options.Cookie.HttpOnly = true; - }); - - // 配置外部认证Cookie - context.Services.ConfigureExternalCookie(options => - { - options.Cookie.SecurePolicy = CookieSecurePolicy.Always; - options.Cookie.SameSite = SameSiteMode.Lax; + options.AddDefaultPolicy(builder => + { + builder + .WithOrigins( + configuration["App:CorsOrigins"]? + .Split(",", StringSplitOptions.RemoveEmptyEntries) + .Select(o => o.RemovePostFix("/")) + .ToArray() ?? Array.Empty() + ) + .WithAbpExposedHeaders() + .SetIsOriginAllowedToAllowWildcardSubdomains() + .AllowAnyHeader() + .AllowAnyMethod() + .AllowCredentials(); + }); }); } @@ -147,21 +142,16 @@ public class KonSoftAuthServerModule : AbpModule var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); - if (env.IsDevelopment()) + app.UseForwardedHeaders(); + app.Use(async (ctx, next) => { - app.UseDeveloperExceptionPage(); - } - - app.UseForwardedHeaders(new ForwardedHeadersOptions - { - ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto + ctx.Request.Scheme = "https"; + await next(); }); - app.UseAbpRequestLocalization(); - if (!env.IsDevelopment()) - { - app.UseErrorPage(); - } + app.UseDeveloperExceptionPage(); + app.UseAbpRequestLocalization(); + app.UseErrorPage(); app.UseCorrelationId(); app.UseStaticFiles();